
Snort Question

Hey, I am a newbie and I'm trying to set up snort. I found the command in the menu, I enter the passwords for snort and mysql, then I enter the sudo password. I get the "setting up snort, please be patient" message, then the command prompt. Does this mean that snort is working? Is there a way to test said program? Or am I missing a step?

>>If you don't see any 'number' (= process ID), you need to start it manually.
>>HINT: Don't start snort in background mode if you have never used it before, or especially for testing purposes!
>>The simplest snort start: sudo snort -c /etc/snort/snort.conf

3. Check if apache is running (needed if you'd like to see snort alerts in the BASE graphical frontend)

Re: Snort Question


Originally Posted by brtw2003

Don't set up snort blindly - you have to understand the basic concepts/components of an IDS/IPS.

Agreed. Snort is not something you can just run without any planning or knowledge of how an IDS works. The Snort Users Manual is a good place to start if you want to learn about how it works, how to write rules, tune the system, the different Snort run modes, alerting, logging, etc.

I am planning to write a tutorial on how to test IDS bypass methods with Snort sometime in the near future, so if the subject interests you, you might want to look out for that. In the meantime though, start reading, because IDS systems require a lot of knowledge to run effectively.
